The use of computers, netbooks, notebooks and tablet-like devices within computer networks such as the Internet is constantly growing. Additionally, with the increase in processing power, mobile phones (including so-called “smartphones”, which are essentially computing devices) have become more powerful, making functionality traditionally ascribed to the non-mobile computing environment available on mobile platforms. Further, laptops, tablets and other hand-held computing devices may be connected to the Internet or other wide area networks via a wireless data network, such as those available from any number of wireless carriers.
In concert with this development, there are a myriad of traditional services and transactions that do not easily transition to the electronic computing environment including, for example, services/transactions where a user's handwritten signature is required. For example, it is still common practice that the contracts or other documents involved in the sale of property, or a merger or acquisition, be executed with human signatures. In addition, in some countries a person's signature is required for even more basic day-to-day transactions. Even further, in some cultures the signature is not enough but rather is replaced or accompanied by a seal that is personal to the user, e.g., a chop. Where the parties to these transactions are not collocated, this typically results in the exchange of multiple faxes. Using a fax machine can compromise the integrity of the signature and, in some instances, may allow for breaches in security.
Furthermore, there are other day-to-day transactions that require a person's signature, which could be potentially forged and result in substantial losses to a retail business. For example, when a credit card is stolen, the victim is often unaware that his or her credit card is stolen. In some instances, the victim's physical credit card need not be stolen; simply obtaining the victim's credit card information (such as the credit card account number, expiration date, and credit card security code) allows for creation of any number of physical credit cards bearing the victim's credit card information (known as “credit card cloning”). The cloned credit card may then be used by simply forging the victim's signature without reservation. The end result is that the victim, at minimum, has to resolve the billing issues that arise with the credit card company. In some instances, the impact on the victim can be greater as the fraudulent activity, if it goes undetected long enough, may affect their credit rating.
The ubiquitous reach of computers and their ability to exchange digital copies of information provide a convenient mechanism to transact business. In that regard, security within the computing environment or computer networks is important whenever users exchange personal information such as usernames and passwords, or other content, with each other or trusted websites; or, in general, when business is conducted over such networks. And, although computer networks, such as the Internet, are used in transacting billions of dollars in business, those networks have the capacity to transact additional business such as that described above, where traditional signatures are required or considered more trustworthy. However, computing devices and computer networks themselves suffer from security flaws.
These flaws may include man-in-the-middle (MITM) attacks. Considered an active eavesdropping attack, MITM works by an attacking host computer device establishing connections to victims' machines and relaying messages between them. Thus, in cases like these, one victim believes it is communicating directly with another victim, when in reality the communication flows through the host computer device (i.e., the “man in the middle”). The end result is that the attacking host can not only intercept sensitive data, but can also inject and manipulate a data stream to gain further control of a victim's computing device.
Another potential network security flaw is “phishing”. In the field of computer security, phishing is the criminally fraudulent act of acquiring sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are especially commonplace when popular websites are involved, such as social networking websites (e.g., Facebook or MySpace), auction websites (e.g., eBay), or websites for any number of banks. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
As part of the growing increase in electronic-based communications, parties also conduct more transactions and document exchanges electronically. Thus, as mentioned above, meeting the need for electronic documentation and document authenticity (i.e., the ability either to validate an individual signing an electronic document or subsequently to validate who signed the electronic document) is a challenging task.
Current solutions tend to be based on signing electronic documents using digital certificates and public and private encryption keys. However, once an electronic document is signed using a digital certificate, it generally cannot be altered (such as by adding a person's handwritten signature). Thus, there is a challenge in integrating a person's physical signature (i.e., a hand-written signature or other type of signature gesture such as a physical gesture) within digitally signed documents.
It is therefore an object of the present disclosure to provide a method of encoding content, and in particular signature based content, into an image for use within digitally signed documents. Of utility, then, are methods, apparatus and systems for encoding content, such as for example signature based content, into an image for use within digitally signed documents.